Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

What is endpoint management?

Endpoint management is an industry term for the practice of providing a secure and stable environment for a community of connected devices. Another name for that connected device is an endpoint. The computer, tablet or phone you are reading this on right now is an endpoint on the network you are connected to. A key goal of endpoint management is to assure that endpoint devices are secure and protected from exploitation. 

Why is endpoint management necessary?

Franklin OIT works in concert with EITS to provide security on our networks, and we have different roles but the same goal: To protect data available through the endpoints associated with our clients.  EITS uses tools that monitor the network for bad-actors who have successfully attacked a computer on the network, and will inform Franklin OIT if the endpoint is in our area or range of the network.  Repairing compromised devices after they are exploited is considered a reactive approach to maintaining endpoint security.  EITS also proactively monitors the network for known vulnerabilities. This means that an endpoint may not have been compromised yet, but it is susceptible to attack because either the version of the operating system or version of an installed software package is vulnerable to attack.  It's important to proactively patch, or update to a newer version when a vulnerability has been discovered. Patching the vulnerability secures the endpoint and effectively remediates the threat.

Franklin OIT takes a proactive role in Endpoint Management.  We use several tools which allow us to maintain an inventory of computer endpoints, along with installed software, to identify vulnerabilities and track our progress in patching them.  We use tools that automatically update computer operating systems and application software to newer, more secure versions.  If there is a particularly nefarious vulnerability, referred to as a zero-day, we can look at the inventory to see what endpoints are affected and target them for upgrades.  This is why we use tools like ivanti and JAMF to keep inventories of computers and installed software versions.  These tools gather specific and limited information used to inform Franklin OIT's endpoint security strategy and allow us to rapidly respond to security threats by targeting affected endpoints in our inventory.

Collectively, ivanti and JAMF are Endpoint Management Tools that help a large organization like the Franklin College of Arts and Sciences manage many thousands of endpoints.  We talked about how these tools help us keep our devices secure through regular patching, but they also help us manage settings and preferences to assure compliance with the strict security requirements needed in an enterprise environment – one where many computers and associated devices share a common network.  Although your computer may not contain sensitive or restricted data, if left unmanaged it could provide an entry point on the network to other systems that do have sensitive or restricted data. 

How does endpoint management help me?

Some features and preferences of modern computer operating systems that are useful in the home environment are not suitable for the enterprise environment where many devices interact.  These computer use policies are set by USG, EITS and Franklin OIT and are designed to keep the institution's data and networks safe.  Franklin OIT uses endpoint management tools to adhere to these polices and configure computers to meet those standards.  Achieving a reasonable security balance requires sacrificing some level of convenience, but Franklin OIT always strives to balance this tradeoff to achieve the highest level of security while maintaining the highest level of convenience.

Help Documents

External Resources


  • No labels